Form Locking

Formatta Designer allows form designers to securely lock forms and automatically verify the veracity of received forms by using banking-strength encryption. The Lock feature of Formatta Designer prevents unauthorized people from modifying the design of a form (the form layout) - even with another copy of Formatta Designer.

In addition, a form must be locked in order to enable encryption and/or signing of form data by users. Locking is a two-step process. The first step lets the form author specify the cryptographic algorithms that will be used with the form. These preferences determine what encryption method will be used for protecting the layout and user data, and whether the form layout is to be signed with the author's personal certificate. The second step is the actual locking of the form, which happens when the form is saved to disk from within Formatta Designer: the fixed elements of the form (layout, lock preferences, etc.) are hashed, forming the layout hash. This hash is then optionally signed, and finally encrypted using the specified method.

In summary, before a form is published it should always be locked because it:

Prevents unauthorized people from further editing the form layout.

Allows Formatta Filler (and Formatta Server) to determine if a form has been tampered with.

Enables encryption and signatures (which are not available otherwise).

Can allow Filler users to certify who authored the form.

You can lock a form using Formatta's built-in encryption, or use a digital certificate provided by a certificate authority.

Locking With Formatta Encryption

The Formatta Encryption method can be used to encrypt any Field Sets and attachments. Also, the layout hash is mixed with the hash of the author's form password (also referred to as the 'lock' password or master password), rehashed, and encrypted with Formatta Encryption. Because the author's form lock password is the only one which can decrypt this, the form is protected from editing. In the event someone else duplicated the form, the original author can detect this by attempting to open the form with his form lock password while using Formatta Designer. If the original form author cannot open the form with his form lock password, then he is not the author, and form counterfeiting or 'spoofing' can be proven beyond a reasonable doubt. Other cases of tampering can also be detected by Formatta Filler by recalculating the layout hash and comparing it with the stored one.

The form author's password is used by the Diffie-Hellman key exchange to generate the public value that is embedded in the form, and covered by the layout hash. This public value participates in all encryption actions performed by the users, allowing the form author to decrypt the form without knowing the users' password(s).
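The mechanism described in this section can be sketched as follows. This is an added example, not Formatta's own code: SHA-256, PBKDF2, the toy Diffie-Hellman group, the dictionary form model and all function names are assumptions, and the final encryption of the stored hash is left out.

```python
import hashlib, hmac, json

P, G = 2**255 - 19, 2   # toy DH group (assumption); use a vetted group in practice

def exponent(password: str, salt: bytes) -> int:
    # Password -> DH private exponent. PBKDF2-SHA256 is this example's choice.
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(raw, "big") % (P - 2) + 1

def layout_hash(form: dict) -> bytes:
    # Hash only the fixed elements; the embedded public value is covered too.
    fixed = {k: form[k] for k in ("layout", "lock_prefs", "author_public")}
    return hashlib.sha256(json.dumps(fixed, sort_keys=True).encode()).digest()

def author_tag(lhash: bytes, password: str) -> str:
    # Layout hash mixed with the lock-password hash, then rehashed.
    pw_hash = hashlib.sha256(password.encode()).digest()
    return hashlib.sha256(lhash + pw_hash).hexdigest()

def lock_form(layout: str, lock_prefs: dict, password: str, salt: bytes) -> dict:
    form = {"layout": layout, "lock_prefs": lock_prefs,
            "author_public": pow(G, exponent(password, salt), P)}
    lhash = layout_hash(form)
    form["stored_hash"] = lhash.hex()
    form["author_tag"] = author_tag(lhash, password)
    return form

def is_tampered(form: dict) -> bool:
    # Filler-side check: recalculate the layout hash and compare with the stored one.
    return not hmac.compare_digest(layout_hash(form).hex(), form["stored_hash"])

def is_author(form: dict, password: str) -> bool:
    # Only the holder of the lock password can reproduce the tag.
    return hmac.compare_digest(author_tag(layout_hash(form), password),
                               form["author_tag"])

def _kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def user_encrypt_key(form: dict, user_password: str, salt: bytes):
    # Filler side: returns (user public value to store with the data, data key).
    u = exponent(user_password, salt)
    return pow(G, u, P), _kdf(pow(form["author_public"], u, P))

def author_decrypt_key(user_public: int, password: str, salt: bytes) -> bytes:
    # Designer side: the same data key, derived from the lock password alone.
    return _kdf(pow(user_public, exponent(password, salt), P))
```

Because the author's public value sits inside the hashed fields, replacing it with someone else's value changes the layout hash and is caught by the same check as a layout edit.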

Locking With Digital Certificates

When the form author chooses to use a digital certificate for form locking, the keys associated with the digital certificates govern the encryption of the layout hash, Field Sets, and attachments. The layout hash is encrypted with the designer's public key, making it possible for the designer to edit the form and/or unlock it later by supplying the private key.

To avoid situations where the private key is damaged or lost and the form would be rendered unusable, the author is asked to provide a supplemental, or 'backup,' password. This backup password will not participate in user data encryption. It is required only when the private key is not present on the system and an authorized individual (likely not the original form author) needs to open the form. The backup password can only be used with Formatta Designer. If the backup password is used to open a locked form, the locking preferences are destroyed, the form is unlocked, and the author is warned to re-lock the form.

As with Formatta Encryption, the author's certificate is embedded in the form and will participate in all encryption actions concerning user data (Field Sets and attachments), so the form designer will be able to decrypt the form without the need for the users to explicitly designate him as a "recipient."

Note: Form Authors can sign blank forms no matter which locking method is used.

Using Formatta Filler with Form Locking

When the form is run in Formatta Filler, encryption will differ depending on the locking method chosen:

Formatta Encryption - user enters a password to lock the form.

Digital Certificates - user can choose another person's public key to encrypt the form. If "Limit to just user's and designer's public keys" is selected, the user's own public key is used instead; if that is not available, the designer's public key is used to encrypt the form (without the need to select a certificate from a list of those available on the user's PC).

Note: Formatta's implementation of encryption via Digital Certificates is N-way symmetric in that the private keys of both the designer's (or multiple designers') certificate and the user's certificate can be used to decrypt.

The "Sign with private key of your Signing Certificate" option is available no matter which locking method you choose. It allows the Filler user to view your certificate from the Summary Information dialog, to certify who designed and supplied the form.